Endpoint Vulnerability

Profile path leaks to Android system log

Description

Mozilla developer Roee Hay reported that Firefox for Android profile paths leak to the Android system log. When running on Android 4.2 or earlier, other applications are able to read these log files, leading to information disclosure from the user's profile directory. This issue was also independently reported by Mozilla developer Richard Newman.

Affected Products

Firefox

References

CVE-2014-1484,